#!/bin/sh

##############################################
# Nginx-Hardened Startup Script              #
##############################################

# Detect old version and upgrade
Nginxchroothash=$(sha256sum /srv/nginxchroot/usr/sbin/nginx | awk '{print $1}')
Nginxoutsidehash=$(sha256sum /usr/sbin/nginx | awk '{print $1}')
if [ "$Nginxchroothash" != "$Nginxoutsidehash" ]
then
    echo "New version of Nginx detected! Updating chroot before running."
    umount /srv/nginxchroot/tmp
    umount /srv/nginxchroot/var/run
    rm -rf /srv/nginxchroot
    wait
    /bin/sh -c "/usr/libexec/nginx-hardened-scripts/nginxchroot.sh"
    wait
fi

# Start Nginx inside of our chroot
echo "Running Nginx..."
chroot --userspec=http:http /srv/nginxchroot /usr/sbin/nginx -f /etc/nginx/nginx.conf
